RSA's Post-Breach Security

RSA 's New CSO Discusses Cyber Threats, Company Morale

Eddie Schwartz, the new - and first - chief security officer of RSA, says the IT security provider hit by a sophisticated advanced-persistent-threat attack in March is focusing internal security on efforts to reduce the time an intruder can go undetected."The trick really is to think about how do we shorten the risk window ... when you think about future breaches," Schwartz says in one of his first interviews since becoming RSA's CSO earlier this month (see RSA Explains Duties of New CSO). That, he says, is what RSA security professionals are doing.

In the interview with Information Security Media Group (click at right on a podcast option to listen), Schwartz says we're in a new era of computer security in which every type of organization - banks, corporations, governments and even security providers - are being penetrated. "It's just a fact of life that we all have to come to grips with," Schwartz says. "Now the question is, how open is that window of risk during which the attacker is in our organization and can we put measure in place that increase both control and visibility during that timeframe?"

RSA revealed in March hackers targeted a database for its SecurID two-factor authentication token that stored the seeds, or random keys, that could be tied to specific tokens (see RSA Says Hackers Take Aim At Its SecurID Products). In June, RSA acknowledged that information taken from its computer had been used to breach Lockheed Martin IT systems. RSA said it would replace customers' SecurID tokens (RSA: SecurID Hack Tied to Lockheed Attack).

Schwartz says the breach didn't shame the security professionals at RSA and its owner, storage maker EMC. Rather, he says, it incentivized them. "You may think of something like this: 'Oh, my gosh, this is a terrible situation for these guys,'" Schwartz says. "But guys who are true, hardcore incident responders, for them, these are times when they really thrive because it gives them an opportunity to get a better window into advanced, adversarial techniques. Out of that process (comes) better solutions."

In the interview, with GovInfoSecurity.com's Eric Chabrow, Schwartz discusses:

  • User responsibility for securing and managing passwords and other knowledge elements of multifactor authentication.
  • RSA's efforts advising customers anxious about using SecurID and other company offerings.
  • A private conference RSA is sponsoring later this month with some 100 invited security professionals, including government and corporate CISOs, that will explore the existing IT security landscape.

In coming days, we'll post a second interview with Schwartz, who will explain why he took the job of the top security official of a security company that had been breached (see RSA Explains Duties of New CSO).

Since January 2007, Schwartz had served as CSO at NetWitness, an EMC-owned network security provider of real-time network forensics and automated threat analysis. Before joining NetWitness, Schwartz served as chief technology officer of ManTech Security Technologies, senior vice president of operations of Guardent and executive vice president of operations for Predictive Systems. He also worked as chief information security officer at Nationwide Insurance, as a senior computer scientist for CSC and a foreign service officer with the State Department.





Around the Network